Package org.forgerock.openig.security
Class ServerTlsOptionsHeaplet
- java.lang.Object
-
- org.forgerock.openig.heap.GenericHeaplet
-
- org.forgerock.openig.security.ClientTlsOptionsHeaplet
-
- org.forgerock.openig.security.ServerTlsOptionsHeaplet
-
- All Implemented Interfaces:
Heaplet
public class ServerTlsOptionsHeaplet extends ClientTlsOptionsHeaplet
Creates and initializes server-side TLS options in a heap environment.{ "type": "ServerTlsOptions", "config": { "sslContextAlgorithm" : String [OPTIONAL] "keyManager" : list of KeyManager [OPTIONAL] "trustManager" : list of TrustManager [OPTIONAL] "sslEnabledProtocols" : list of enabled protocols [OPTIONAL] "sslCipherSuites" : list of cipher suites [OPTIONAL] "alpn" : { "enabled" : boolean [OPTIONAL] } "clientAuth" : String [OPTIONAL] } }The clientAuth represents the expected client authentication to be provided and determines the authentication negotiation between the client and server. Possible values are NONE (the default), REQUIRED and REQUEST. If this is configured to use REQUIRED or REQUEST then a trustManager must also be configured.
See
ClientTlsOptionsHeapletfor a summary of other configuration options.
-
-
Constructor Summary
Constructors Constructor Description ServerTlsOptionsHeaplet()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Objectcreate()Called to request the heaplet create an object.protected ClientTlsOptionstlsOptions​(String algorithm, KeyManager[] keyManagers, TrustManager[] trustManagers, List<String> ciphers, List<String> protocols, boolean enableAlpn)Factory method creating appropriateClientTlsOptions.-
Methods inherited from class org.forgerock.openig.heap.GenericHeaplet
create, destroy, endpointRegistry, evaluatedWithHeapProperties, expression, getConfig, getHeap, getSecretService, getType, meterRegistryHolder, start
-
-
-
-
Method Detail
-
create
public Object create() throws HeapException
Description copied from class:GenericHeapletCalled to request the heaplet create an object. Called byHeaplet.create(Name, JsonValue, Heap)after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by theGenericHeaplet.start()method.- Overrides:
createin classClientTlsOptionsHeaplet- Returns:
- The created object.
- Throws:
HeapException- if an exception occurred during creation of the heap object or any of its dependencies.
-
tlsOptions
protected final ClientTlsOptions tlsOptions​(String algorithm, KeyManager[] keyManagers, TrustManager[] trustManagers, List<String> ciphers, List<String> protocols, boolean enableAlpn) throws HeapException
Description copied from class:ClientTlsOptionsHeapletFactory method creating appropriateClientTlsOptions.- Overrides:
tlsOptionsin classClientTlsOptionsHeaplet- Parameters:
algorithm- the SSL context algorithm namekeyManagers- the array ofKeyManagers to usetrustManagers- the array ofTrustManagers to useciphers- the array of cipher suites to be enabledprotocols- the array of protocols to be enabledenableAlpn- indicate if ALPN (Application Layer Protocol Negotiation, a TLS extension) enabled- Returns:
- new
ClientTlsOptionssubtype - Throws:
HeapException- should there be a configuration error
-
-